GitHub Denies Getting Hacked

GitHub has denied rumors today of getting hacked after a mysterious entity shared what they claimed to be the source code of the GitHub.com and GitHub Enterprise portals. From a report: The “supposed” source code was leaked via a commit to GitHub’s DMCA section. The commit was also faked to look like it originated from GitHub CEO Nat Friedman. But in a message posted on YCombinator’s Hacker News portal, Friedman denied that it was him and that GitHub got hacked in any way. Friedman said the “leaked source code” didn’t cover all of GitHub’s code but only the GitHub Enterprise Server product. This is a version of GitHub Enterprise that companies can run on their own on-premise servers in case they need to store source code locally for security reasons but still want to benefit from GitHub Enterprise features. Friedman said this source code had already leaked months before due


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8Mvb0xbzaZs/github-denies-getting-hacked

Original article

Google To GitHub: Time’s Up — This Unfixed ‘High-Severity’ Security Bug Affects Developers

Google Project Zero, the Google security team that finds bugs in all popular software, has disclosed what it classes a high-severity flaw on GitHub after the code-hosting site asked for a double extension on the normal 90-day disclosure deadline. From a report: The bug in GitHub’s Actions feature — a developer workflow automation tool — has become one of the rare vulnerabilities that wasn’t properly fixed before Google Project Zero’s (GPZ) standard 90-day deadline expired. Over 95.8% of flaws are fixed within the deadline, according to Google’s hackers. GPZ is known to be generally strict with its 90-day deadline, but it appears GitHub was a little lax in its responses as the deadline approached after Google gave it every chance to fix the bug. As detailed in a disclosure timeline by GPZ’s Felix Wilhelm, the Google security team reported the issue to GitHub’s security on July 21 and a disclosure


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/wkUmh3o9W84/google-to-github-times-up----this-unfixed-high-severity-security-bug-affects-developers

Original article

‘Google App Engine’ Abused to Create Unlimited Phishing Pages

Google’s cloud-based service platform for developing and hosting web apps “can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products,” reports Bleeping Computer, citing a startling discovery by security researcher Marcel Afrahim:

A Google App Engine subdomain does not only represent an app, it represents an app’s version, the service name, project ID, and region ID fields. But the most important point to note here is, if any of those fields are incorrect, Google App Engine won’t show a 404 Not Found page, but instead show the app’s “default” page (a concept referred to as soft routing)…

Essentially, this means there are a lot of permutations of subdomains to get to the attacker’s malicious app. As long as every subdomain has a valid “project_ID” field, invalid variations of other fields can be used at the attacker’s discretion to generate a long list of subdomains, which


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XWNb_udkv0g/google-app-engine-abused-to-create-unlimited-phishing-pages

Original article

QR code use grows in popularity but poses hidden risks

The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk. A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month. In the last six months, 38 percent of respondents say they have scanned a QR code at a restaurant, bar or café,…


Original URL: https://betanews.com/2020/09/15/qr-code-popularity-risks/

Original article

Hackers Hijack Routers’ DNS To Spread Malicious COVID-19 Apps

An anonymous reader quotes a report from Bleeping Computer: A new cyber attack is hijacking routers’ DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers. As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker’s control. “If your browser is randomly opening to


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/oAPqvUyce_g/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps

Original article

Ransomware Installs Gigabyte Driver To Kill Antivirus Products

A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect. From a report: The purpose of these drivers is to allow the hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped. This new novel technique has been spotted in two ransomware incidents so far, according to UK cybersecurity firm Sophos. In both cases, the ransomware was RobbinHood, a strain of “big-game” ransomware that’s usually employed in targeted attacks against selected, high-value targets. In a report published late last night, Sophos described this new technique as follows:
1. Ransomware gang gets a foothold on a victim’s network.
2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
4. Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement.
5. Hackers install a malicious kernel driver named RBNL.SYS.
6. Attackers use


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/w087OEVbOzc/ransomware-installs-gigabyte-driver-to-kill-antivirus-products

Original article

Serious sudo flaw could be exploited to gain root access to Linux systems

Details of a nine-year-old security vulnerability with the sudo utility found in numerous Unix and Linux based operating systems have been revealed. The flaw, which affects the likes of Linux Mint and Elementary OS, could be exploited to give users root privileges on a vulnerable system. Sudo versions 1.7.1 to 1.8.30 are at risk if the pwfeedback option is enabled. While the vulnerability is undoubtedly serious, there are elements of good…


Original URL: https://betanews.com/2020/02/06/sudo-pwfeedback-root-access-flaw/

Original article

Secure APIs by using OAuth 2.0

This tutorial shows you how to implement OAuth 2.0 schemes that are available in IBM API Connect to secure an API.
IBM API Connect provides two implementation modes, each of which provides different OAuth 2.0 schemes:
Confidential mode. Confidential mode is suitable when an application is capable of maintaining the secrecy of the client secret. This is usually the case when an application runs in a browser and accesses its own server when obtaining OAuth access tokens. As such, these schemes make use of the client secret. In the Confidential mode, we have three OAuth schemes: Application, Password and Access code.

Public mode. Public mode is suitable when an application is incapable of maintaining the secrecy of the client secret. This is usually the case when the application is native on a computer or mobile


Original URL: https://developer.ibm.com/tutorials/securing-apis-oauth2-api-connect/

Original article
